American Libraries

So I'm science fiction writer, as well as doing some other stuff. And I have a colleague who wrote an infamous book called The Transparent Society in which he was positive that we would move to a word where it was so hard to protect your information that we would have to give up. And instead we would compel lawmakers to allow us to spy on them just as much as they spy on us and that this would end privacy, but in a good way. And every time I encounter this idea—and it's one that certainly has a lot of currency with geeks who see it as a techno-triumphalist dream of way of squaring the privacy circle—I say, "You're starting by saying have enough rule of law left in your ubiquitous technologies society that we can force lawmakers to let us spy on them, but not so much that we can't force them not to spy on us." And I think that this is the important thing to keep in mind as we start talking about the intersection of technology and privacy is that we're not just talking about what technology does, we're talking about what policy and law do, too. And we're in a position to influence all three of those and they all interact with one another.

So one of the kinds of laws that we write is code—software code—as my friend and mentor, Mitch Kapor, who founded the Electronic Frontier Foundation says, “Architecture is politics.” When we build network societies and systems, we end up evolving the political system that will come out of them; they're interrelated and one grows out of the other naturally. So when we say, "Do we need to care about the privacy of our patrons, in light of the fact that they're already giving away their information on social networking services?" We can look at these social networking services and say, "What are the politics of their architecture?" They're Skinner Boxes designed to award people who disclose their personal information. And so it's unsurprising that the people who use them disclose their personal information and I’m pretty upset about it in a lot of ways. But at least one thing we can say about people who use these social networking services is that they're deciding when and what circumstances they're going to divulge their personal information.

We have an unfortunate tendency to conflate personal and private with secret and we say, "Well, given that this information isn't a secret, given that it's known by other people, how can you say that it's private?" And we can in fact say that there are a lot of things that are in secret that are in private. Every one of us does something private and not secret when we go to the bathroom. Every one of us has parents who did at least one private thing that's not a secret, otherwise we wouldn't be here. (Laughter)

So this decision—this determination—over when and under what circumstances your personal information is divulged tracks very closely to how free and how much power you have in a society. When you look at really stratified societies, particularly the great totalitarian empires of the last century, the further up the ladder you go, the more raw power you wield, the more raw power you have over this disclosure of your personal information. And the further down the ladder you go, the less power you have. So really, when we start talking about a society in which people no longer get to choose the circumstances under which we disclose their information, we're talking about a society in which we all end up living under the thumb of a Politburo, whether or not that's a Politburo that's embodied by faceless bureaucrats or simply as the outgrowth of our technology; it's not a society that I think we should want to live in.

So why do we enter Skinner Box? Why do we go online and so blindly give up our personal identifying information? Well, in part you can lay this at the feet of the architects of these system who design them to reward the people who do it. But you can also relate the blame at the feet of the people who've established a set of social and technological norms where we give away our personal information without our consent all the time or where we pay a substantial premium to maintain our personal information.

I live in London, England, which is sort of Ground Zero in the privacy wars. We recently had a changeover in the way our public transit system is built. We used to by enlarge use paper tickets and then people who had month-long passes would buy RFID-enabled passes. And they wanted to change it over to a system where everyone uses RFID-enabled passes. So what they did is they said, "Starting January 1, 2006, we're going to offer a discount to people who use RFID-enabled passes." What they did is they tripled the cost of using paper pass and then they kept the price of using the RFID-enabled pass static and said, "Here's your discount." Those of you who have ever gone to the Safeway counter without your “how-many-ounces-of-turkey-have-you-eaten-this-month” tracker card will know that in fact, the discount for disclosure is in fact a premium on privacy. And this is aimed at staples and it's aimed at staples consumed by the poorest and least capable in our society—the people who have the least choice over what they're going to buy. And so it's really not a level playing field and it's not a fair game.

I really admire Daniel's remarks, but I think it's a mistake to say that consumers don't care about privacy and that's why business don't make it a priority. I think it's fairer to say that there are many businesses that have very cynically manipulated the playing field so that consumers have no choice but to yield their privacy and that this has given us a generation where going on MySpace, going on Bebo, going Facebook and disclosing your personal information is just par for the course because you're already doing it every day, all day long. And it's not happening just in our young commercial environments, but also increasingly in our libraries and our schools, where it's become the norm that we track all of the Internet activity, where we track the books that are checked out, where this information is gathered by default by our tracking systems, and where you have to make an explicit act of will and really know what you're doing to turn off the logging in your systems. Our vendors have built this into our systems.

Our RFIDs are built so that the users of RFIDs have no capacity to set policy on them, to determine the circumstances under which the RFID is read, to discover when the RFID is read, to block the RFID from being read, and the vendors of RFIDs will say, "Yes, but this would astronomically raise the cost of producing an RFID tag if you built all these capacities into it." And it's true, in just the same way that seatbelts, a windshield, and brakes astronomically raise the cost of cars. But a vendor who decided to enter market with a low-cost vehicle that eschewed all these things would be taken out of the market, not by consumer choice, but by regulators who act in the public interest to say that when you ship these technologies without due care for the users of them, it's not the market that corrects it, it's the government that corrects it. And they step in and intervene here.

The problem with gathering all this information not that the state will have the perfect ability to predict everything that we do and stop us from doing it and intervene on us. The problem is that on the one hand, it creates this climate where we have less respect for our own personal privacy and on the other, it creates an environment where people who are malicious have the opportunity to inspect the record of your life and find in it one or more things that are wanton it. Very few of us would be willing to have everything we do splashed on the front page of The New York Times, or as Cardinal Richelieu said, “Give me six lines in an honest man's hand, and I'll find in them a reason to hang him.”

So in libraries we have the creeping specter of DRM. The libraries may be the last bastion of the DRM, in e-books and audiobooks. As the rest of the market is moving away from it, vendors, for some reason, are not treating libraries as first class citizens. And DRM has many problems with it, but one is that it constitutes a fine- grain form of surveillance over the commonplace acquisition and consumption of cultural materials. It's a word-by-word capacity to track what people read and how to use the information that they have. And a specialist in delivering information and connecting people with information, we should be deeply skeptical of this. I go so far as to say libraries have a moral duty to boycott technologies that do this to their patrons because it's in no one's interest to have this information—better not have the information in the stacks than to have it in a way that embodies a snitch, a curtain twitcher that watches every word that you read, every line you consume, and has the capacity to report it back to a mother ship. It is ubiquitous surveillance of cultural activity and it's in the service of something that will never come true—a mid 80's wet dream based of an information economy based on buying and selling information. You know, back in the 1980's, we decided that we would have an economic future in which we would drop all of our tariff walls, allow all of our manufacturing to be offshored, turn all of our factories into executive apartments, and make up the difference by forcing developing nations to adopt strong copyright laws that would allow us to sell them information by the sentence. And this has turned out to be a complete debacle. It turns out that an information economy based on limiting access to information is about as viable as an industrial economy based on limiting access to machines. So we are here, trying to enable publishers, record labels, and filmmakers to chase a business model that no one wants. No one woke up this morning and said I wish there was a way I could do less with my music, maybe my library has some DRM music for me. (Laughter)

So at the end of the day, this surveillance not only undermines our own personal security, but it undermines our social security, first, by undermining the bonds that bind us together. One thing we know about surveillance societies is they are societies in which people no longer trust each other: A nation of pecks, snitches, and curtain twitchers is a nation where this is none of the social cohesion that allows people to come together to help each other as neighbors and as members of the same community. But it also undermines our security because it makes our haystacks bigger without making it any easier to find our needles. The 911 Commission concluded that the intelligence apparatus in this country knew everything it needed to know to predict the 911 attacks. Unfortunately, it knew a lot of other things, too, that got in the way of discovering that it knew everything it needed to know.

The mad response in the last 8 years to this has been to make the haystacks bigger, on the grounds that it would make it easier to find the needles. And as information specialists we all end up being part of that system. We collect the information that then the government turns up and demands from us to put it in the giant databases that makes it harder for him to find the bad guys, who in fact do occasionally constitute an existential threat to us. I live in London. On 7/7 they blew up the bus I take to work every day and the train that my wife takes to work every day. I happened to be teaching in Michigan that day and my wife happened to be ten minutes late for work that day. So this stuff matters to me. I love if we can catch people who wanted to blow up public transit. I don't think we do that by making it harder for specialists in intelligence to find the actual valid intelligence by filling the field with so much radar chat that known can actually spot the important stuff there for all the unimportant stuff we've gathered.

The other way that it weakens our security is because it gives us surveillance instead of policing. In London we have, I think, 14 CCTVs per blood cell in London. (Laughter) And the remote rail stations—the Tube stations—we've replaced the night guards who stand watch over the turnstiles with cameras. And one of the problems of this is that cameras are only forensic; once you have that many cameras, no one watches them. So they only allow you to solve crimes after the fact and not very often at that. They rarely prevent crimes the way a human being sitting in a guard's booth might be able to. So my friend, Thomas was coming home from work a couple years ago and he came out of this train station and was followed up by three young men who followed him to his door, mugged him for his mobile phone, and stabbed him to death on his doorstep. And afterwards they caught him, but he was already dead.

The central premise of the CCTV as a means of securing a society is that criminals are a bunch of Moriartys who sit in their basements, ruthlessly planning out a life of crime from which they will he is cape all punishment. As opposed to a bunch of people, dumb as a sack of hammers, making bad decisions about their lives, like mugging people for their cell phones and killing them on their doorsteps. It turns out that crack addicts who kill you for your cell phones are not in fact people who make long-term good decisions about their lives and freedom. So without that criminal mastermind element, CCTVs don't, in fact, make us safer. So I said it before and I'll close with it: Architecture is politics. The systems that we build that control the access to information and the communities that we form around it will term the societies that we build in the future. And we as information specialists, by our choice to adopt or eschew these technologies are determining whether our descendants will (Applause)